Add cors

[GaballaGit]

Adds CORS to the server.

This is a draft for now because I would like to talk about what to have CORS allow before making it a pr.

[TheJolman]

@GaballaGit I've been thinking about this. Obvious things we'll want to allow is our website admin page uri once the site gets created, and the location of our discord bot client too. The issue you may have seen as well is that our CLI client is usable from any person's computer. Thinking about it and also asking Claude it seems that we kinda have to pretty generous with our allowed origins unless we want to use a proxy layer (but tbh I don't think this really solves anything, lmk if you disagree). It might be a good idea to tighten up our auth, requiring membership in our server to make ANY request, even if its read-only. This would also help mitigate a potential cloud bill if we have one. LMK what you think 🚀

(but for now its enough to just have the middleware at all and we can just allow * since its not even live yet)